Drupal 8 in action. Showing in-context editing and previews (WYSIWYG).
|Original author(s)||Dries Buytaert|
|Initial release||May 18, 2000|
|Written in||PHP, using Symfony|
|Operating system||Unix-like, Windows|
|Size||80 MB (uncompressed Drupal 8 core)|
|Type||Content management framework, Content management system, Community and Blog software|
|License||GPLv2 or later|
Drupal // is  a free and open source content-management framework written in PHP and distributed under the GNU General Public License. Drupal provides a back-end framework for at least 2.3% of all web sites worldwide – ranging from personal blogs to corporate, political, and government sites. Systems also use Drupal for knowledge management and for business collaboration.
As of September 2018[update], the Drupal community is composed of more than 1.3 million members, including 112,500 users actively contributing, resulting in more than 41,500 free modules that extend and customize Drupal functionality, over 2,670 free themes that change the look and feel of Drupal, and at least 1,240 free distributions that allow users to quickly and easily set up a complex, use-specific Drupal in fewer steps.
The standard release of Drupal, known as Drupal core, contains basic features common to content-management systems. These include user account registration and maintenance, menu management, RSS feeds, taxonomy, page layout customization, and system administration. The Drupal core installation can serve as a simple Web site, a single- or multi-user blog, an Internet forum, or a community Web site providing for user-generated content.
Drupal also describes itself as a Web application framework. When compared with notable frameworks Drupal meets most of the generally accepted feature requirements for such web frameworks.
- 1 History
- 2 Core
- 3 Extending the core
- 4 Architecture
- 5 Community
- 6 Security
- 7 Criticism
- 8 See also
- 9 References
- 10 Further reading
- 11 External links
|8.5.6||August 1, 2018|
|7.59||April 25, 2018|
|6.38||February 24, 2016|
|5.23||August 11, 2010|
Originally written by Dries Buytaert as a message board, Drupal became an open source project in 2001. The name Drupal represents an English rendering of the Dutch word druppel, which means "drop" (as in a water droplet). The name came from the now-defunct Drop.org Web site, whose code slowly evolved into Drupal. Buytaert wanted to call the site "dorp" (Dutch for "village") for its community aspects, but mistyped it when checking the domain name and thought the error sounded better.
Interest in Drupal got a significant boost in 2003 when it helped build "DeanSpace" for Howard Dean, one of the candidates in the U.S. Democratic Party's primary campaign for the 2004 U.S. presidential election. DeanSpace used open-source sharing of Drupal to support a decentralized network of approximately 50 disparate, unofficial pro-Dean websites that allowed users to communicate directly with one another as well as with the campaign. After Dean ended his campaign, members of his Web team continued to pursue their interest in developing a Web platform that could aid political activism by launching CivicSpace Labs in July 2004, "...the first company with full-time employees that was developing and distributing Drupal technology." Other companies began to also specialize in Drupal development. By 2013 the Drupal Web site listed hundreds of vendors that offered Drupal-related services.
As of 2014[update] Drupal is developed by a community, and its popularity is growing rapidly. From July 2007 to June 2008 the Drupal.org site provided more than 1.4 million downloads of Drupal software, an increase of approximately 125% from the previous year.
As of January 2017[update] more than 1,180,000 sites use Drupal. These include hundreds of well-known organizations, including corporations, media and publishing companies, governments, non-profits, schools, and individuals. Drupal has won several Packt Open Source CMS Awards and won the Webware 100[clarification needed] three times in a row.
On March 5, 2009 Buytaert announced a code freeze for Drupal 7 for September 1, 2009. Drupal 7 was released on January 5, 2011, with release parties in several countries. After that, maintenance on Drupal 5 stopped, with only Drupal 7 and Drupal 6 maintained. Drupal 7 series maintenance updates are released regularly.
On October 7, 2015 Drupal 8 first release candidate (rc1) was announced. Drupal 8 includes new features and improvements for both users and developers, including: a revamped user interface; WYSIWYG and in-place editing; improved mobile support; added and improved key contributed modules including Views, Date, and Entity Reference; introduced a new object-oriented backend leveraging Symfony components; revamped configuration management; and improved multilingual support. Drupal 8 rc1 is the collective work of over 3,200 core contributors.
Drupal 8.0.0 was released on November 19, 2015. Subsequent major and minor releases (8.5.3 as of April 25, 2018) which bring numerous improvements and bug fixes (including CKEditor WYSIWYG enhancements, added APIs, an improved help page) can be found on the Releases page.
In the Drupal community, "core" refers to the collaboratively built codebase that can be extended through contributory modules and for versions prior to Drupal 8 is kept outside of the "sites" folder of a Drupal installation. (Starting with version 8, core is kept in its own 'core' sub-directory.) Drupal core is the stock element of Drupal. Bootstrap and Common libraries are defined as Drupal core and all other functionality is defined as Drupal modules including the system module itself.
In a Drupal website's default configuration, authors can contribute content as either registered or anonymous users (at the discretion of the administrator). This content is accessible to web visitors through a variety of selectable criteria. As of Drupal 8, Drupal has adopted some Symfony libraries into Drupal core.
Drupal core includes optional modules that can be enabled by the administrator to extend the functionality of the core website.
The core Drupal distribution provides a number of features, including:
- Access statistics and logging
- Advanced search
- Blogs, books, comments, forums, and polls
- Caching and feature throttling for improved performance
- Descriptive URLs
- Multi-level menu system
- Multi-site support
- Multi-user content creation and editing
- OpenID support
- RSS feed and feed aggregator
- Security and new release update notification
- User profiles
- Various access control restrictions (user roles, IP addresses, email)
- Workflow tools (triggers and actions)
Drupal includes core themes, which customize the "look and feel" of Drupal sites, for example, Garland and Bartik.
The Color Module, introduced in Drupal core 5.0, allows administrators to change the color scheme of certain themes via a browser interface.
Drupal can automatically notify the administrator about new versions of modules, themes, or the Drupal core. It's important to update quickly after security updates are released.
Before updating it is highly recommended to take backup of core, modules, theme, files and database. If there is any error shown after update or new updates is not compatible with a module, then it can be quickly replace by backup. There are several backup modules available in Drupal.
On October 15, 2014, a sql injection vulnerability was announced and update released. Two weeks later the Drupal security team released an advisory explaining that everyone should act under the assumption that any site not updated within 7 hours of the announcement are infected. Thus, it can be extremely important to apply these updates quickly and usage of a tool to make this process easier like drush is highly recommended.
Prior to version 7, Drupal had functions that performed tasks related to databases, such as SQL query cleansing, multi-site table name prefixing, and generating proper SQL queries. In particular, Drupal 6 introduced an abstraction layer that allowed programmers to create SQL queries without writing SQL.
Drupal 7 extends the data abstraction layer so that a programmer no longer needs to write SQL queries as text strings. It uses PHP Data Objects to abstract the database. Microsoft has written a database driver for their SQL Server. Drupal 7 supports the file-based SQLite database engine, which is part of the standard PHP distribution.
With Drupal 7's new database abstraction layer, and ability to run on the Windows web server IIS, it is now easier for Windows developers to participate in the Drupal community.
A group on Drupal.org is dedicated to Windows issues.
With the release of Drupal 7, Web accessibility has been greatly improved by the Drupal community. Drupal is a good framework for building sites accessible to people with disabilities, because many of the best practices have been incorporated into the program code Core. The accessibility team is carrying on the work of identifying and resolving accessibility barriers and raising awareness within the community.
Drupal 7 started the adoption of WAI-ARIA support for Rich Internet Applications and this has been carried further in Drupal 8. There have been many improvements to both the visitor and administrator sides of Drupal, especially:
- Drag and drop functionality
- Improved color contrast and intensity
- Adding skip navigation to core themes
- Adding labels by default for input forms
- Fixing CSS display:none with consistent methods for hiding and exposing text on focus.
The community also added an accessibility gate for core issues in Drupal 8.
Extending the core
Drupal core is modular, defining a system of hooks and callbacks, which are accessed internally via an API. This design allows third-party contributed modules and themes to extend or override Drupal's default behaviors without changing Drupal core's code.
Drupal isolates core files from contributed modules and themes. This increases flexibility and security and allows administrators to cleanly upgrade to new releases without overwriting their site's customizations. The Drupal community has the saying, "Never hack core," a strong recommendation that site developers do not change core files.
Contributed modules offer such additional or alternate features as image galleries, custom content types and content listings, WYSIWYG editors, private messaging, third-party integration tools, integrating with BPM portals, and more. As of January 2017[update] the Drupal website lists more than 36,500 free modules.
Some of the most commonly used contributed modules include:
- Content Construction Kit (CCK): allows site administrators to dynamically create content types by extending the database schema. "Content type" describes the kind of information. Content types include, but are not limited to, events, invitations, reviews, articles, and products. The CCK Fields API is in Drupal core in Drupal 7.
- Views: facilitates the retrieval and presentation, through a database abstraction system, of content to site visitors. Basic views functionality has been added to core in Drupal 8.
- Panels: drag and drop layout manager that allows site administrators to visually design their site.
- Rules: conditionally executed actions based on recurring events.
- Features: enables the capture and management of features (entities, views, fields, configuration, etc.) into custom modules.
- Context: allows definition of sections of site where Drupal features can be conditionally activated
- Media: makes photo uploading and media management easier
- Services: provides an API for Drupal.
- Organic Groups Mailing List
Drupal themes use standardized formats that may be generated by common third-party theme design engines. Many are written in the PHPTemplate engine or, to a lesser extent, the XTemplate engine. Some templates use hard-coded PHP. Drupal 8 will integrate the Twig templating engine.
The inclusion of the PHPTemplate and XTemplate engines in Drupal addressed user concerns about flexibility and complexity. The Drupal theming system utilizes a template engine to further separate HTML/CSS from PHP. A popular Drupal contributed module called 'Devel' provides GUI information to developers and themers about the page build.
In the past, those wanting a fully customized installation of Drupal had to download a pre-tailored version separately from the official Drupal core. Today, however, a distribution defines a packaged version of Drupal that upon installation, provides a website or application built for a specific purpose.
The distributions offer the benefit of a new Drupal site without having to manually seek out and install third-party contributed modules or adjust configuration settings. They are collections of modules, themes, and associated configuration settings that prepare Drupal for custom operation. For example, a distribution could configure Drupal as a "brochure" site rather than a news site or online store.
Drupal is based on the Presentation Abstraction Control architecture, or PAC.
The menu system acts as the Controller. It accepts input via a single source (HTTP GET and POST), routes requests to the appropriate helper functions, pulls data out of the Abstraction (nodes and, from Drupal 5 onwards, forms), and then pushes it through a filter to get a Presentation of it (the theme system).
It even has multiple, parallel PAC agents in the form of blocks that push data out to a common canvas (page.tpl.php).
Drupal.org has a large community of users and developers who provide active community support by coming up with new updates to help improve the functionality of Drupal, As of January 2017[update] more than 105,400 users are actively contributing. The semiannual DrupalCon conference alternates between North America, Europe and Asia. Attendance at DrupalCon grew from 500 at Szeged in August 2008, to over 3,700 people at Austin, Texas in June, 2014.
Smaller events, known as "Drupal Camps" or DrupalCamp, occur throughout the year all over the world. The annual Florida DrupalCamp brings users together for Coding for a Cause that benefits a local nonprofit organization, as does the annual GLADCamp (Greater Los Angeles Drupal Camp) event, Coders with a Cause.
The Drupal community also organizes professional and semi-professional gatherings called meetups at a large number of venues around the world. In July, 2013, Droplabs, a co-working space in Los Angeles, California, was recognized as the world's "Top Drupal Location" (with 62 recorded events) when compared with other event venues over a 12-month period.
There are over 30 national communities around drupal.org offering language-specific support.
Administrators of Drupal sites are automatically notified of these new releases via the Update Status module (Drupal 6) or via the Update Manager (Drupal 7).
Downloading and installing an upgrade to Drupal 7.32 fixes the vulnerability, but does not remove any backdoor installed by hackers if the site has already been compromised. Attacks began soon after the vulnerability was announced. According to the Drupal security team, where a site was not patched within hours of the announcement, it should be considered compromised and taken offline by being replaced with a static HTML page while the administrator of its server must be told that other sites on the same server may also have been compromised.
To solve the problem, the site must be restored using backups from before October 15, be patched and manually updated, and anything merged from the site must be audited.
In late March 2018, a patch for vulnerability CVE-2018-7600, also dubbed Drupalgeddon2, was released. The underlying bug allows remote attackers without special roles or permissions to take complete control of Drupal 6, 7, and 8 sites. Starting early April, large scale automated attacks against vulnerable sites were observed, and on April 20th, a high level of penetration of unpatched sites was reported.
This section needs to be updated.(December 2014)
- Usability: Aspects of the Drupal 6 administration interface were confusing and intimidating to some, particularly for new administrators. According to Dries Buytaert, Drupal 7 addressed 90% of the problems identified by usability tests conducted at the Universities of Minnesota and Baltimore. To achieve this, Acquia (the company founded by the project lead of Drupal) hired user experience designer Mark Boulton to work with the Drupal community to design an improved user interface for Drupal's administration interface. The majority of his team's design work has been implemented by the community in Drupal 7. The 2011 usability test results from the University of Minnesota Office of Information Technology show that all of the major usability problems identified in Drupal 6 are either vastly improved or non-existent in Drupal 7. However, some new usability problems were identified. Since the release of Drupal 7 there are now various distributions and applications to enhance the Back-end Usability of Drupal such as Drupal Gardens, Open Enterprise and Mitkom Builder.
- Learning curve: Some users describe Drupal as being difficult to master. Drupal's many contributed modules can have overlapping functionality and have been reported as overwhelming to new users.
- Backward compatibility (for software development): Prior to 7, Drupal did not commit to backward compatibility across major revisions. This means that module and theme developers may have to rework their code to make it compatible. However, Drupal's policy is to not change how it uses data. This means that data from previous versions is still usable without alteration in the new release. Drupal documents any incompatibilities, allowing the user to make informed decisions about when and whether to upgrade. Upgrades from 8 to 9 and beyond will require substantially less effort." 
- Performance/scalability: In 2008, performance tests between Drupal 6.1 and Joomla 1.5 demonstrated that Drupal's pages were delivered "significantly faster" than those of Joomla. Despite this, arguments over speed persist. Drupal is likely to be slower than a special-purpose application for a given task. For example, WordPress typically outperforms Drupal as a single-user blogging tool. Drupal positions itself for broader applications requirements that are outside the scope of more narrowly focused applications. Drupal offers caching to store various page elements, the use of which resulted in a 508% improvement in one benchmark. When using Drupal's default Page Cache mechanism, the cached pages are delivered only to anonymous users, so contributed modules must be installed to allow caching content for logged in users. Like performance, scalability (the ability to add servers to handle growing numbers of visitors with consistent response) can become a concern on large, interactive sites. MySQL's query caching can help reduce the load on the database server caused by Drupal's high query rate. Drupal caches database schema metadata as well as elements such as blocks, forms and menus. Drupal 7 increases performance in database queries and reduces PHP code usage.
- Integrability with hosting structures: Because of Drupal's demanding query requirements, Drupal-based websites can quickly become very taxing to hosts whose databases reside on a machine separate from their HTTP server. While the issue can normally be addressed by implementing aggressive caching as described above, such methods may be unimplementable in cases where the host does not offer access to PHP accelerators like XCache or APC. Drupal has plugins that facilitate similar caching without requiring special PHP extensions.
- The Drupal core search is ineffective at searching content: There are contributed modules that will greatly improve the search functionality on a Drupal website, but they are not easily accessible due to a high learning curve and the difficulty users have in general of finding the right module. One of the faceted search options is Apache Solr Search Integration module, however, the module requires a dedicated server or virtual private server (VPS) to operate because Solr must run on a servlet container, e.g. Tomcat, Jetty or Resin. These requirements make it harder for a Drupal website to have a functional search feature. In response some companies have created Apache Solr SaaS products.
- Many published, yet incomplete or outdated modules While Drupal's site boasts over 30,000 downloadable modules, searching the Drupal module directory finds many that are incomplete abandoned projects and do not work at all, only work for an outdated version due to lack of backward compatibility, or are unusable due to serious bugs. This is due to the open source nature of Drupal, and the fact that anyone is free to start a module and publish it on drupal.org. Modules with an active maintenance team are often highly polished, secure, and nearly bug free. Recent changes to the drupal.org website now let users search for modules, themes, and distributions, while filtering results by stability. 
- Difficult to unit test: Drupal 7 doesn't follow MVC framework and stores all of its configurations in database and as a result, unit testing the code without touching the database becomes extremely difficult. As a result, developers have resorted to using integration testing frameworks such as Red Test or behavior-driven development framework such as Behat and Codeception. Drupal 8 has taken a great stride in making it easier for developers to write unit-testable code.
- Comparison of web frameworks
- List of applications with iCalendar support
- List of content management systems
- Earliest tagged releases
- "Releases for Drupal core". drupal.org. Retrieved 2018-08-01.
- Drupal 8 release history; drupal.org
- "Licensing FAQ". drupal.org. Retrieved 2009-04-08.
- A query on Drupal's official website on March 2009: How does one pronounce "Drupal"? (accessed 19 June 2013)
- "The Drupal Overview". drupal.org. Retrieved 2009-04-08.
- "System Requirements". drupal.org. Retrieved 2009-04-08.
- W3Techs (2011-07-15). "Usage of content management systems for websites". Retrieved 2011-07-15.
- BuiltWith (2011-03-28). "Drupal Usage Statistics". Retrieved 2011-03-28.
- "The State of Drupal 2010 speech". Archive.org. 2001-03-10. Retrieved 2011-08-31.
- "Knowledge management with Drupal".
- "Getting Involved | Drupal.org". www.drupal.org. 2018-09-21. Retrieved 2018-09-21.
- "1 Million Users on Drupal.org!". www.drupal.org. 2013-10-11.
- "Drupal for Developers | Drupal.org". www.drupal.org. 2017-09-21. Retrieved 2017-04-21.
- "Module project | Drupal.org". www.drupal.org. 2017-09-21. Retrieved 2017-09-21.
- "Theme project | Drupal.org". www.drupal.org. 2017-09-21. Retrieved 2017-09-21.
- "Distribution project | Drupal.org". www.drupal.org. 2017-09-21. Retrieved 2017-09-21.
- "Drupal 7 as an enterprise web application framework". drupal.org.
- "Comparison of web frameworks". Wikipedia. 2017-04-07.
Comparison of features
- O'Connor, William (2014-08-19). "The Drupal API turns a CMS into a true enterprise application - O'Reilly Radar". O'Reilly Media. Retrieved 2017-04-11.
- Diana, Dupuis (2013-05-15). "Drupal Is a Framework: Why Everyone Needs to Understand This". Linux Journal.
- "Features". drupal.org. Retrieved 2009-04-08.
- Drupal 7 release history; drupal.org
- Drupal 6 release history; drupal.org
- Drupal 5 release history; drupal.org
- "History". drupal.org. Retrieved 2009-04-08.
- "Druppel: Dutch to English Translation". Babylon Translation. Retrieved 2009-04-08.
- Benjamin Melançon; et al. (2011). The Definitive Guide to Drupal 7 (2nd ed.). Apress. p. 823. ISBN 9781430231356. Retrieved 2012-05-27.
- Critchley, Spencer (2006-05-03). "Digital Politics: An Interview With CivicSpace Founder Zack Rosen". O'Reilly Media. Retrieved 2012-05-27.
- Kreiss, Daniel (2012-03-05). "Dean, Romney, and Drupal: Values and Technological Adoption". Culture Digitally. Retrieved 2012-05-27.
- Samantha M. Shapiro, "The Dean Connection", The New York Times December 7, 2003, accessed May 27, 2012.
- "Marketplace". drupal.org. Retrieved 2013-04-18.
- Koenig, Josh. "Growth Graphs". Groups.Drupal. Retrieved 2009-04-08.
- Buytaert, Dries (2008). "Drupal Download Statistics". Retrieved 2009-04-08.
- Buytaert, Dries (2007). "Drupal Download Statistics". Retrieved 2009-04-08.
- "Usage statistics for Drupal core".
- "Drupal Sites". Dries Buytaert. Retrieved 2010-07-20.
- "List of Nonprofit, NPO, NGO Websites Using Drupal". ENGINE Industries. Archived from the original on 2009-12-24. Retrieved 2010-07-20.
- "OSS CMS Award Previous Winners". Packt Publishing. Retrieved 2009-04-08.
- "Drupal is a Webware 100 winner for the third year in a row". Drupal.org. Retrieved 2011-08-31.
- "Cnet.com". News.cnet.com. 2009-05-19. Retrieved 2011-08-31.
- "Buytaert.net". Buytaert.net. Retrieved 2011-08-31.
- "Drupal 7 to be released on January 5 (with one ginormous party)". Buytaert.net. Retrieved 2011-08-31.
- "Xplain Hosting Drupal 7 Quickstart training seminar". Scoop. 2010-12-16.
- "drupal 7.24". drupal.org. Retrieved 2013-11-20.
- "Drupal 8.0.0-rc1 announcement". drupal.org.
- "Drupal 8.0.0-rc1 announcement". drupal.org.
- "Drupal 8.0.0 released". drupal.org. Retrieved 19 November 2015.
- "Never hack core". drupal.org.
- "Drupal 7.39 released". drupal.org. Retrieved 2015-09-19.
- "Handbook: Core Modules". drupal.org. Archived from the original on 2008-07-28. Retrieved 2009-04-08.
- "Drupal Multi-site installation recipes".
- Buytaert, Dries. "Garland, the new default core theme". drupal.org. Retrieved 2009-04-08.
- "Color: Allows the user to change the color scheme of certain themes". drupal.org. Retrieved 2009-04-08.
- "Drupal core translation downloads". drupal.org. Retrieved 2017-01-30.
- "Drupal 6.0 released". drupal.org. Retrieved 2009-04-08.
- "SA-CORE-2014-005 - Drupal core - SQL injection". Https:. Retrieved December 3, 2014.
- "Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003". Https:. Retrieved December 3, 2014.
- "Install Drupal for Windows". microsoft.com. Retrieved 2011-02-14.
- "Drupal on Windows Group". drupal.org. Retrieved 2011-02-14.
- Killesreiter, Gerhard (2013-02-25). "Accessibility statement". drupal.org. Retrieved 2013-04-16.
- Scholten, Roy (2012-12-10). "Drupal core gates". drupal.org. Retrieved 2013-04-16.
- "API Reference". drupal.org. Retrieved 2009-04-08.
- "File and directory management". drupal.org.
- "Integrating Drupal with External Systems". specbee.com. 2018-08-24. Retrieved 2018-08-24.
- "Drupal Camunda BPM Integration". Srijan Technologies. Srijan Technologies.
- "Project usage overview". Drupal.org. Retrieved 2011-08-18.
- "DRUPAL 5 TO DRUPAL 7".
- "Field API". 2009. Retrieved 2009-05-08.
- "Views in Drupal Core initiative: Status report and roadmap". Retrieved 2014-11-04.
- "PHPTemplate theme engine". drupal.org. Archived from the original on 2009-03-08. Retrieved 2009-04-08.
- "XTemplate theme engine". drupal.org. Archived from the original on 2009-03-16. Retrieved 2009-04-08.
- "How does Drupal compare to Mambo? discussion thread". drupal.org. 2005-01-17. Retrieved 2009-04-08.
- "Drupal themes". Drupal.org. Retrieved 2011-08-31.
- "Adding your theme to Drupal.org". Drupal.org.
- "10 Best Drupal Themes". MAAN Softwares. Retrieved 2017-11-08.
- "Top Drupal Distributions". AGLOBALWAY Consulting Services Inc. Archived from the original on 2014-04-13.
- "MVC vs. PAC".
- Drupal - CMS Grew Overnight By MAAN Softwares, Retrieved, June 8th, 2017
- "drupal.org discussion on DrupalCon event management". Groups.drupal.org. Retrieved 2011-08-31.
- "Drupal Camps and Cons". Retrieved 25 January 2013.
- "1 Year of Drupal Events Visualized". Retrieved 13 July 2013.
- "forums". Drupal.org. Retrieved 2011-08-31.
- "mailing lists". Drupal.org. Retrieved 2011-08-31.
- "Drupal Groups". Groups.drupal.org. Retrieved 2011-08-31.
- "Drupal IRC channels on FreeNode". Drupal.org. Retrieved 2011-08-31.
- "Language specific communities". Drupal.org. 2011-08-26. Retrieved 2011-08-31.
- Keller, Katherine (7 April 2017). "CMS Battle for Beginners: WordPress vs Joomla vs Drupal (Infographic)". Entrepreneur. Retrieved 17 May 2017.
- Drupal. "Security announcement and release process".
- Drupal. "How to report a security issue".
- "Update manager (and Update status)". drupal.org. Retrieved 2011-07-01.
- "Security advisories". drupal.org. Retrieved 2009-04-28.
- "Drupal security team". Drupal.org. Retrieved 2011-08-31.
- "Drupal Security RSS feed". Drupal.org. Retrieved 2011-08-31.
- "Drupalgeddon megaflaw raises questions over CMS bods' crisis mgmt".
- "SA-CORE-2014-005 - Drupal core - SQL injection". Security advisories. Drupal security team.
- "Drupalgeddon strikes back: outdated Drupal allegedly linked to "Panama Papers"". Blog. Drop Guard.
- "Drupal Core—Highly Critical—Public Service Announcement—PSA-2014-003". Security advisories. Drupal security team. October 29, 2014 – via Drupal.org.
You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.
Simply updating to Drupal 7.32 will not remove backdoors....updating to version 7.32 or applying the patch fixes the vulnerability but does not fix an already compromised website. If you find that your site is already patched but you didn’t do it, that can be a symptom that the site was compromised - some attacks have applied the patch as a way to guarantee they are the only attacker in control of the site.
- Robinson, Brian (2014-11-07). "Attacks on open source call for better software design -". GCN. Retrieved 2016-07-29.
- "FAQ about SA-CORE-2018-002". Drupal Security Team. Retrieved 23 April 2018.
- Goddin, Dan (20 April 2018). ""Drupalgeddon2" touches off arms race to mass-exploit powerful Web servers". Ars Technica. Retrieved 23 April 2018.
- Why running the White House Web site on Drupal is a political disaster waiting to happen.
- Message Error, Why running the White House Web site on Drupal is a political disaster waiting to happen Chris Wilson. Slate (magazine) October 27, 2009
- Scollan, Becca; Abby Byrnes; Malia Nagle; Paul Coyle; Cynthia York; Maleka Ingram (2008-05-01). "Drupal Usability Research Report" (PDF). Retrieved 2009-04-08.
- Lal, Kieran (2008-06-26). "Drupal usability tests from the University of Baltimore with community solutions". drupal.org. Retrieved 2009-04-08.
- Buytaert, Dries (2008-07-03). "Usability, usability, and usability". Retrieved 2009-04-08.
- Buytaert, Dries (2008-03-10). "First results from usability testing". Retrieved 2009-04-08.
- "Report from Formal Drupal" (PDF). 2008-03-03. Retrieved 2009-04-08.
- Buytaert, Dries (2009-02-04). "Mark Boulton to help with Drupal 7". Archived from the original on 2010-04-13.
- University of Minnesota Office of Information Technology (2011-05-23). "Usability test at University of Minnesota, may 2011". drupal.org.
- University of Minnesota Office of Information Technology (2011-06-01). "Report from the University of Minnesota Drupal Usability Testing". drupal.org.
- "Drupal Gardens".
- "Open Enterprise".
- Howard, Brian C. (2007-01-25). "Harnessing Drupal for Citizen Journalism". NewAssignment.Net. Retrieved 2009-04-08.
- "Drupal Review". Archived from the original on 2010-02-05.
- James, Heather (2010-11-09). "203 people tell What I wish I knew when I started Drupal". Acquia.com. Retrieved 2010-11-11.
- Buytaert, Dries (2006-05-26). "Backward Compatibility". Retrieved 2009-04-08.
- Buytaert, Dries (2006-07-27). "The pain before the pay-off". Retrieved 2009-04-08.
- "Drupal's Upgrade Instructions (end-user)". Drupal.org. Retrieved 2011-08-31.
- "Joomla 1.5 & Drupal 6.1 Performance Comparison". Archived from the original on 2012-07-22.
- "Is Drupal Slow & Bloated?". Archived from the original on 2012-09-09.
- "Is Drupal the right tool for the job?".
- "Drupal vs Joomla: performance | Dries Buytaert". Buytaert.net. Retrieved 2012-05-05.
- "Authenticated User Page Caching (Authcache)". drupal.org. Retrieved 2009-09-23.
- Buytaert, Dries (2006-08-11). "Drupal vs Joomla! performance". Retrieved 2009-05-20.
- "Speed up a Drupal web site by enabling MySQL query caching". nadeausoftware.com. 2007-03-07. Retrieved 2009-06-21.
- "Book on Drupal Performance & Scalability". Books.tag1consulting.com. 2008-07-16. Archived from the original on 2011-09-06. Retrieved 2011-08-31.
- "Caching in Drupal 6". drupal.org. 2008-07-28. Retrieved 2009-06-21.
- "Drupal 6 vs Drupal 7 performance and comments vs nodes". CivicActions.com. 2009-05-19. Retrieved 2009-06-21.
- "Boost". drupal.org. 2006-10-15. Retrieved 2012-05-05.
- "Memcache API and Integration". drupal.org. Retrieved 2012-05-05.
- "Dealing with unsupported (abandoned) projects".
While experienced Drupal users know to check the queue and the git commits to determine the health of a project, having broken and unmaintained/unsupported projects available can be confusing and off-putting for new users.
- "Drupal Testing Methodologies Are Broken - Here's Why | Red Crackle". redcrackle.com. Retrieved 2015-12-05.
- Abbott/Jones (2016), Learning Drupal 8, England, Packt Publishing. ISBN 978-1-78216-875-1
- Pol, Kristen (2012). Drupal 7 Multilingual Sites. Birmingham, England: Packt Publishing. ISBN 978-1-84951-818-5.
- Mercer, David (2010). Drupal 7. Birmingham, England: Packt Publishing. ISBN 1-84951-286-8.
- Travis, Brian (2011). Pro Drupal 7 for Windows Developers. Berkeley: APress. ISBN 978-1-4302-3153-0.
- Butcher, Matt; Larry Garfield; John Wilkins; Matt Farina; Ken Rickard; Greg Dunlap (2010). Drupal 7 Module Development. Birmingham, England: Packt Publishing. ISBN 978-1-84951-116-2.
- Bhavin, Patel (Aug 2010). Drupal 6 Panel Cookbook. Canada: Packt Publishing. ISBN 1-84951-118-7.
- Beighley, Lynn (2009). Drupal for Dummies. New York: For Dummies. ISBN 978-0-470-55611-5.
- Herremans, D. (2009). Drupal 6: Ultimate Community Site Guide. Switzerland. ISBN 978-2-8399-0490-2.
- Peacock, Michael (2008). Selling Online with Drupal e-Commerce. Birmingham, England: Packt Publishing. ISBN 978-1-84719-406-0.
- VanDyk, John K. (2008). Pro Drupal Development, Second Edition. New York: Springer Verlag/Apress. ISBN 1-4302-0989-5.
- Kafer, Konstantin; Emma Hogbin (Apr 2009). Front End Drupal: Designing, Theming, Scripting. Jersey, USA: Prentice Hall. ISBN 0-13-713669-2.
|Wikimedia Commons has media related to Drupal.|